Juniors CTF 2016 :: Southern Cross

Key Takeaways

Hey, what's up everybody? My name is John Hammond. Welcome back to another YouTube video looking at the Junior CTF uh capture the flag competition that was going on last week. Um another challenge called Southern Cross uh crypto challenge. Um 300 points. I can show this one off. Um so they showcase this Confederacy cipher disc. um which seemingly is a disc that has a specific key that you can encode phrases with just like classic cryptography. Um so the challenge here is that we encrypted the phrase. Here it is. Now I'll encode a famous story and you'll try to decode it. Uh it's very interesting to read the whole story over it. So this link these ellipses is actually a link to a cipher text you can download. So it's just a big text file. So go ahead and download that. Um I'll open it. So, we have it and it's just words. Turn off word rap. Can I do that in Jedit? Wow, Jedit sucks. Whatever. Oh, I closed it. That was dumb. Regardless, there's this JavaScript thing that allows you to like turn their version of the thing like left and right. I don't know if they actually like wanted you to do the challenge this way or probably I'm sure it was just a red herring because honestly they don't do that. That sucks and stupid. Um but you get that cipher text. So the idea is to decode it. Um so what I want to do is I want to look up this Confederacy cipher disc because I'm curious like okay what is that? Does it have any like easy online things? And I Google it, do a little bit of research. So apparently obviously a mechanical wheel, mechanical disc, um created for the Confederate stuff in history and things. Um but it's regardless it's based on the veneer cipher. So okay, cool. Um I know about the veneer cipher. I don't know how it works, but I mean there's totally a bunch of veneer cipher solvers all over the internet. So uh the one that I use almost constantly whenever I find a vine cipher is the the geocaching profile one. So, uh, let me get that cipher text one more time. I think it's Let's download it again. Probably sounded really weird in the mic. All right, so we can paste this encrypted text in there and it's a big disgusting story. Um, and I say, I don't know what the shift key is, so no, please try and determine it and figure it out for me. And I just tell you, code break and this nice online tool does it for me. I've seen like some stuff with feather duster which is a cool module and stuff for cryptography. Not okay not an actual feather duster but feather duster get an automated modular cryp analysis tool which is super cool. Um and I think it has some veneer some veneer cipher stuff. Um and I've seen others to like some other Python code to break veneers but they even have some stuff in their tests and examples. Um yeah, veneer and test break veneer. Yeah, veneer cipher text and and stuff like that. Um but this online one does it. Okay, so when I have internet, I'm fine with using this. So they find that this key is supposedly Boloulevard because it's Boulevard repeated over and over and over again. And that does get some plain text. I'll try and zoom in here. This is probably hard for you to read. uh 20 miles west of Tuxen, the Sunsets Express, etc. So, this is English, so that looks good to me. Um, at first glance, it would make sense to try and submit the key as the actual flag. As usual, that is the wrong idea you should have for the CTF. That didn't work. That is not the flag. Um, they say very cryptically and discreet in the challenge prompt, don't forget to reach the end of the text. The ending is greatly important. So, uh, again, a complete guess, a complete a shot in the dark that I took, but if you scroll through to literally the very end of the message, um, there is a notion here that says Bolivar cannot carry double. And because I just saw Bolivar, because I saw the key, I'm like, "Oh, I wonder if that is it. I wonder if that's the flag." And I copied that and pasted it, and that was the flag. So, again, no real notion. I mean, I don't know if uh he will settle at 185 said Dodson. Uh Boulevard cannot carry double. Maybe maybe maybe I should have maybe I'm wrong. You know, maybe there should have been more hints and more clues that I completely was blind to, but uh I submitted that and got the flag. So, that's the Southern Cross challenge for the junior CTF. Um this Confederacy cipher disc, which behind the scenes is just a veneer cipher, which isn't too difficult with an online cracker. And if you wanted to, I'm sure you can find some stuff in Python or work with Feather Duster to uh do something more automated that you don't need an online crutch for. But that's it. So, thanks for watching, guys. Hope you enjoyed them. And I'll showcase some of the other challenges real real soon. Are you